skills/openclaw/skills/claude/Gen Agent Trust Hub

claude

Warn

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and process untrusted external data (documents and code) and has the capability to transmit results to an external network endpoint.
      • Ingestion points: Usage examples in SKILL.md include "Analyze this code" and "summarize this document".
      • Boundary markers: None identified. There are no delimiters or instructions to treat ingested data as non-executable text.
      • Capability inventory: Uses curl to send data to api.anthropic.com (SKILL.md).
      • Sanitization: No input validation or sanitization logic is present in the skill definition.
  • [Data Exfiltration] (LOW): The skill performs network operations to api.anthropic.com. While this is the legitimate service endpoint, it is not on the pre-approved whitelist, representing a potential exfiltration path if the agent is compromised via indirect injection.
  • [External Downloads] (LOW): The skill metadata in SKILL.md specifies dependencies on system binaries curl and jq. These are standard utilities but introduce a dependency on the host environment's pre-installed tools.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 02:12 PM